<?php
/**
 * Created by PhpStorm.
 * User: chniccs
 * Date: 2019-09-29
 * Time: 10:58
 */

namespace app\http\middleware;


use app\model\AdminStores;
use app\util\ReturnCode;

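class AdminCheckActive
{
    /**
     * Store-activity authorization check.
     *
     * When the request carries a store id (`sid`) other than the sentinel -1,
     * the store must exist under the caller's tenant (`tid` taken from
     * API_ADMIN_USER_INFO); otherwise the request is answered with an
     * AUTH_REFUSE JSON response and never reaches the next handler.
     *
     * NOTE(review): the original inline comment called sid a required
     * parameter, yet a request with no sid at all (or sid = -1) is passed on
     * without any ownership check. That pass-through is kept here for
     * compatibility; handlers behind this middleware must not assume a store
     * was verified unless they themselves require sid. Confirm against routes.
     *
     * @param \think\facade\Request $request
     * @param \Closure $next
     * @return mixed|\think\response\Json
     * @author zhaoxiang <zhaoxiang051405@gmail.com>
     */
    public function handle($request, \Closure $next)
    {
        $sid = $request->param('sid');

        // No sid supplied: nothing to verify here (see NOTE(review) above).
        if ($sid === null) {
            return $next($request);
        }

        // sid is client-controlled. A non-scalar value (e.g. sent as sid[]=...)
        // is not a plain id and must not be handed to the query condition.
        if (!is_scalar($sid)) {
            return $this->refuse();
        }

        // Only the exact sentinel skips the check. The previous loose `!= -1`
        // also treated other inputs as the sentinel under PHP's type juggling
        // (for example boolean true, or numeric-prefixed strings before PHP 8).
        if ((string) $sid === '-1') {
            return $next($request);
        }

        // Fail closed when the authenticated user's tenant id is unavailable,
        // rather than querying with an empty tenant condition.
        $userInfo = $request->API_ADMIN_USER_INFO;
        if (!isset($userInfo['tid'])) {
            return $this->refuse();
        }

        // Callers may only operate on store activities of stores under their own site.
        $has = AdminStores::get(['tid' => $userInfo['tid'], 'id' => $sid], [], true);
        if (!$has) {
            return $this->refuse();
        }

        return $next($request);
    }

    /**
     * Build the AUTH_REFUSE JSON response with the configured cross-domain headers.
     *
     * @return \think\response\Json
     */
    private function refuse()
    {
        $header = config('apiadmin.CROSS_DOMAIN');
        $data = ['code' => ReturnCode::AUTH_REFUSE, 'msg' => '越权操作', 'data' => []];

        return json($data)->header($header);
    }
}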